r3 - 2008-08-04 - 08:36:27 - MartinBurnickiYou are here: NTP >  Dev Web > MaintainerIssues > MaintainerIssuesDev
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
Q/A page for the MaintainerIssues page.

Feel free to edit this page, adding questions, answers, and comments!

-- HarlanStenn - 06 Dec 2004

I've just gone through the MaintainerIssues page (which has recently been updated) again but this does not yet seem to solve the problem we have with bug #841.

Normally I'm used to understand what I am doing, and also why I am doing something. However, I still don't understand why a patch which has been written for stable has to be able to be pulled into dev in order to be accepted.

The nature of the -dev repository is that large parts of the -dev code differ from the -stable code, otherwise the -dev repo would be obsolete. If the same bug is both in -stable and in -dev then of course the approach described in MaintainerIssues is the best way to handle this. In this case there's a good chance that the affected code is still similar in -stable and -dev, so a patch for -stable should basically also pull into -dev cleanly.

However, that requirement makes absolutely no sense at all if a fix is only for -stable because the associated code in -dev differs from -stable and does not have the bug which shall be fixed.

In the particular case of bug #841 the change for -dev has been made by Frank back in May 2007. I have backported this for -stable in April 2008. So if you try to pull the patch for -stable into -dev this is the same as if you try to pull the same patch in twice, which makes absolutely no sense.

-- MartinBurnicki - 04 Aug 2008

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r4 < r3 < r2 < r1 | More topic actions...
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback